Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 0.4.0
- None
- None
- HDP 2.2
Description
When configuring ranger-admin to use LDAPS, it seems to not be supported or breaks with an incorrect error.
In install.properties
xa_ldap_url="ldaps://host.domain.com:636"
While attempting to log in to ranger admin web ui, /var/log/ranger/admin/xa_portal.log shows:
2015-01-13 15:54:34,522 [http-bio-6080-exec-3] INFO com.xasecure.security.listener.SpringEventListener (SpringEventListener.java:87) - Login Unsuccessful:hari | Ip Address:x.x.x.x | Bad Credentials
I could understand if this is because my LDAPS server uses a self-signed cert and I need to supply a trusted CA cert, but I can't see any setting for that or find any documentation around Apache Ranger LDAPS. (I use this LDAPS server with trusted CA cert elsewhere so I know it works.)
That Bad Credentials error is clearly wrong because redeploying ranger-admin using straight LDAP allows login to succeed with the same password:
xa_ldap_url="ldap://host.domain.com:389"
However it's insecure to only work with plain LDAP.
Required fixes:
1. Add LDAPS support + document
2. Fix error message to be accurate to the problem and not always report Bad Credentials as this will confuse users
Regards,
Hari Sekhon
http://www.linkedin.com/in/harisekhon
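
A stand-alone way to separate connection-phase failures from credential failures for the xa_ldap_url value above, as an added example that is not Ranger code or part of the original report. The function names parse_ldap_url, classify and probe are hypothetical, and cafile is assumed to be the path to a PEM file holding the CA certificate that signed the LDAPS server's certificate.

```python
import socket
import ssl
from urllib.parse import urlparse


def parse_ldap_url(url):
    """Return (scheme, host, port) for an xa_ldap_url value, applying default ports."""
    u = urlparse(url.strip().strip('"'))  # install.properties quotes the value
    if u.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url!r}")
    return u.scheme, u.hostname, u.port or (636 if u.scheme == "ldaps" else 389)


def classify(exc):
    """Map a connection-phase exception to a cause other than bad credentials."""
    # Order matters: SSLCertVerificationError is a subclass of SSLError.
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-untrusted-certificate"
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake-failed"
    if isinstance(exc, socket.gaierror):
        return "dns-resolution-failed"
    if isinstance(exc, (ConnectionRefusedError, socket.timeout)):
        return "server-unreachable"
    return "other-network-error"


def probe(url, cafile=None, timeout=5.0):
    """Do only the TCP connect and TLS handshake; no bind is attempted."""
    scheme, host, port = parse_ldap_url(url)
    if scheme != "ldaps":
        return "plaintext-ldap"  # bind password would cross the network unencrypted
    # Default context verifies the chain and the hostname; cafile adds a private CA.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"  # a failure after this point is a bind problem
    except OSError as exc:  # ssl.SSLError and socket errors are OSError subclasses
        return classify(exc)


if __name__ == "__main__":
    # Host name taken from the report; replace with the real directory server.
    print(probe('"ldaps://host.domain.com:636"'))
```

A result of tls-untrusted-certificate means the login never reached the bind step, which is the case the report says should not be logged as Bad Credentials.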